Share via

Entra ID patch sending Add instead of Replace

Scott Beam 0 Reputation points
2024-05-21T22:06:42.1+00:00

i'm working on setting up scim provisioning. I got creates to work and now running into issues with updating users. Specifically some fields are sending Add instead of Replace for the values.

In this example below, I sent the create request with an email of "******@joe.com". It processed fine.

{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
"userName":"******@testaccount.onmicrosoft.com","active":true,
"emails":[{"primary":true,"type":"work","value":"******@joe.com"}],
"meta":{"resourceType":"User"},
"name":{"familyName":"TestLastName1","givenName":"joe"},
"title":"scim tester","urn:ietf:params:scim:schemas:extension:custom:2.0:User":{"employeeNumber":"99887766","worksiteId":"180"}}

I then changed the email and see that it is being sent as Add when in reality it should be a replace. How can i make it send as a replace?

{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"Replace","path":"title","value":"tester"},
{"op":"Add","path":"emails[type eq \\"work\\"].value","value":"******@joe.com"}]}
Microsoft Security Microsoft Entra Microsoft Entra ID
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2024-05-23T19:26:34.36+00:00

    Hi @Scott Beam , in the example you provided, the "Add" operation is being used to add a new email address to the "emails" array. If you want to replace the existing email address with a new one, you should use the "Replace" operation instead of "Add".

    Here's an example of how you can use the "Replace" operation to update the email address:

    {
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "Replace",
      "path": "title",
      "value": "tester"
    },
    {
      "op": "Replace",
      "path": "emails[type eq \"work\"].value",
      "value": "******@joe.com"
    }
  ]
}

    This will replace the existing email address with "******@joe.com" instead of adding a new one. Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.